At a glance:

Endpoint Vulnerability

Sandbox restrictions not applied to nested frame elements

Description

Mozilla community member Bob Owen reported that restrictions are not applied to a frame element contained within a sandboxed iframe. As a result, content hosted within a sandboxed iframe could use a frame element to bypass the restrictions that should be applied.